
Microsoft to Stop Honoring SHA1 Certificates for SSL and Code Signing

by Jonathan Allen on Nov 20, 2013. Estimated reading time: 1 minute

The US National Institute of Standards and Technology has recommended that SHA1 no longer be trusted past January of 2014. But with 98% of certificates issued worldwide being based on that standard, an immediate change is not feasible. So Microsoft is giving websites until January first of 2017 to replace their SSL certificates with a more secure version.

Application vendors that need to sign their code are also affected. They only have until January first of 2016 to acquire new code signing certificates. “SHA1 code signing certificates that are time stamped before 1 January 2016 will be accepted until such time when Microsoft decides SHA1 is vulnerable to pre-image attack.”

These policies are subject to review in the middle of 2015. Two key factors that may affect Microsoft’s timelines are:

whether SHA1 is still considered resistant to pre-image attacks by the security community, and

whether a significant portion of the ecosystem is not capable of switching to SHA2. Third party legacy systems and embedded devices that cannot be upgraded to SHA2 may be particularly susceptible. We will continue to gather data on this portion of the ecosystem.

As currently written, the SHA1 Deprecation Policy will apply to Windows Vista, Windows Server 2008, and later operating systems. Those still running Windows XP will need at least Service Pack 3 in order to use SHA2. Windows Server 2003 Service Pack 2 also supports SHA2.
